okasion/ldapdock
2
1
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Update INSTALL.md

Browse Source
This commit is contained in:
Marisa 2025-10-12 13:37:33 -04:00
parent d222085be8
commit e065f5ffc2
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
INSTALL.md
View File

@ -99,13 +99,13 @@ adding new entry "cn=default,ou=policies,dc=example,dc=com"
^C
```
You can change password policies like pwdMinLength, pwdMaxFailure, pwdMaxAge, etc.
You can change password policies like pwdMinLength, pwdMaxFailure, pwdMaxAge, etc. and all organizationalUnits (and therefore, their users) will be affected by default unless configured otherwise.
\
\
In order to enforce our password configuration we need something to control.
Copy the command, and copy-paste the content, press enter to exec, you can escape with CTRL+C.
```
# ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -H ldapi:///
root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -H ldapi:///
dn: ou=Supergirls,dc=example,dc=com
objectClass: organizationalUnit
ou: Supergirls
@ -115,12 +115,12 @@ adding new entry "ou=Supergirls,dc=example,dc=com"
```
Create a password hash for the user marisa
```
root@example:/etc/ldap/slapd.d# slappasswd -s qwerty
root@example:/# slappasswd -s qwerty
{SSHA}fgEXXr2J08jTVfgyOnkRL2I1JNL4Bp5V
```
Copy-paste all this attributes after the command, remember to write down the hashed password correctly.
```
root@example:/etc/ldap/slapd.d# ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -H ldapi:///
root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -H ldapi:///
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
@ -141,12 +141,12 @@ adding new entry "uid=marisa,ou=Supergirls,dc=example,dc=com"
```
marisa and all users added to Supergirls will respect the password default policies, you can check it out, example:
```
root@example:/etc/ldap/slapd.d# ldappasswd -x -w qwerty -H ldapi:/// -D "uid=marisa,ou=Supergirls,dc=example,dc=com" -s marisakirisame
root@example:/# ldappasswd -x -w qwerty -H ldapi:/// -D "uid=marisa,ou=Supergirls,dc=example,dc=com" -s marisakirisame
Result: Constraint violation (19)
Additional info: Password fails quality checking policy
```
Password rejected because we established before pwdMinLength was 8.
```
root@example:/etc/ldap/slapd.d# ldappasswd -x -w qwerty -H ldapi:/// -D "uid=marisa,ou=Supergirls,dc=example,dc=com" -s kirisame
root@example:/# ldappasswd -x -w qwerty -H ldapi:/// -D "uid=marisa,ou=Supergirls,dc=example,dc=com" -s kirisame
```
"kirisame" is accepted because it's within 8 length characters.